build(deps): bump actions/cache from 5.0.5 to 6.1.0

[dependabot]

Bumps actions/cache from 5.0.5 to 6.1.0.

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

• Bump @​actions/cache to v6.1.0 - handle read-only cache access by @​jasongin in actions/cache#1768

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

• Update packages, migrate to ESM by @​Samirat in actions/cache#1760

Full Changelog: actions/cache@v5...v6.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

• Bump @actions/cache to v6.1.0 to pick up actions/toolkit#2435 Handle cache write error due to read-only token
• Switch redundant "Cache save failed" warning to debug log in save-only

6.0.0

• Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
• Migrated to ESM module system
• Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

... (truncated)

Commits

• 55cc834 Merge pull request #1768 from jasongin/readonly-cache
• d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
• 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
• e9b91fd Prettier fixes
• e4884b8 Rebuild dist
• 10baf01 Fixed licenses
• e39b386 Fix test mock return order
• b692820 PR feedback
• 6074912 Rebuild dist bundles as ESM to match type:module
• 5a912e8 Fix lint and jest issues
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated the caching action used in CI to a newer version for both build and coverage jobs.
  • No changes to cache settings or workflow behavior were made.

[github-code-quality]

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/arkor

The overall coverage remains at 99%, unchanged from the main branch.

TypeScript / code-coverage/create-arkor

The overall coverage remains at 56%, unchanged from the main branch.

TypeScript / code-coverage/cli-internal

The overall coverage remains at 97%, unchanged from the main branch.

TypeScript / code-coverage/studio-app

The overall coverage remains at 53%, unchanged from the main branch.

---

_{Updated June 26, 2026 19:46 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

This PR updates the GitHub Actions actions/cache dependency used in CI from v5.0.5 to v6.1.0 (pinned by commit SHA), keeping the workflow’s caching behavior current with upstream changes.

Changes:

• Bump actions/cache from 27d5ce7… (v5.0.5) to 55cc834… (v6.1.0).
• Apply the bump consistently across Turborepo cache steps and Playwright browser cache steps in both the main matrix job and the coverage job.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[k-taro56]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 0ee2e6a3-471d-4717-bdb7-a900d083bb0c

📥 Commits

Reviewing files that changed from the base of the PR and between d62dce6 and 9b98f6b.

📒 Files selected for processing (1)

• .github/workflows/ci.yaml

📜 Recent review details

⚠️ CI failures not shown inline (1)

GitHub Actions: Running Copilot Code Review / 0_copilot-pull-request-reviewer.txt: Running Copilot Code Review

Conclusion: failure

View job details

##[group]Run set -euo pipefail
 �[36;1mset -euo pipefail�[0m
 �[36;1mecho "RUNNER_TEMP=$RUNNER_TEMP"�[0m
 �[36;1mfind "$RUNNER_TEMP" -maxdepth 1 -type f -name 'git-credentials-*.config' -print -delete�[0m
 �[36;1m�[0m
 �[36;1m# Generate a unique token and stop processing workflow commands to prevent the runtime from injecting commands�[0m
 �[36;1mSTOP_***REDACTED*** /proc/sys/kernel/random/uuid)�[0m
 �[36;1m�[0m
 �[36;1m# Use a trap to ensure we always resume command processing and check for�[0m
 �[36;1m# fallback error annotations, even if the runtime exits with a non-zero code�[0m
 �[36;1m# (which would otherwise cause set -e to abort the shell before we get here).�[0m
 �[36;1m# The trap preserves the original exit code.�[0m
 �[36;1mcopilot_cleanup() {�[0m
 �[36;1m  echo "::$STOP_***REDACTED***
 �[36;1m  FALLBACK_FILE="${RUNNER_TEMP}/copilot-fallback-error.txt"�[0m
 �[36;1m  if [ -f "$FALLBACK_FILE" ]; then�[0m
 �[36;1m    FALLBACK_MSG=$(head -c 500 "$FALLBACK_FILE" | tr -d '\n\r')�[0m
 �[36;1m    echo "::error title=Copilot Error::${FALLBACK_MSG}"�[0m

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2026-06-08T13:53:50.495Z

Learnt from: k-taro56
Repo: arkorlab/arkor PR: 174
File: .github/workflows/release.yaml:55-58
Timestamp: 2026-06-08T13:53:50.495Z
Learning: When validating that a pinned GitHub Actions commit SHA matches a version tag, do not compare the pinned SHA against `gh api repos/{owner}/{repo}/git/refs/tags/{tag}`’s return value directly. That endpoint returns the annotated tag object SHA, not the underlying commit SHA. For annotated tags, dereference the tag object to the commit by calling `gh api repos/{owner}/{repo}/git/tags/{tag_object_sha}` and using `.object.sha` as the commit SHA to compare against the workflow’s pinned SHA. (e.g., `actions/checkout` v6.0.3: tag object SHA `9f698171ed81b15d1823a05fc7211befd50c8ae0` → underlying commit SHA `df4cb1c069e1874edd31b4311f1884172cec0e10`).

Applied to files:

• .github/workflows/ci.yaml

🔇 Additional comments (1)

.github/workflows/ci.yaml (1)

121-121: LGTM!

Also applies to: 175-175, 552-552, 576-576

---

Walkthrough

Upgrades the actions/cache GitHub Actions action from v5.0.5 to v6.1.0 in four cache steps (Turborepo and Playwright browsers) across the build and coverage jobs in .github/workflows/ci.yaml. No cache keys, paths, or other step configuration are changed.

Changes

CI Cache Version Bump

Layer / File(s)	Summary
Cache step upgrades in build and coverage jobs .github/workflows/ci.yaml	actions/cache reference updated from v5.0.5 to v6.1.0 in both the Turborepo and Playwright browser cache steps within the build job (lines 120–122, 173–176) and the coverage job (lines 550–553, 574–577).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• k-taro56

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the dependency bump from actions/cache 5.0.5 to 6.1.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/github_actions/actions/cache-6.1.0

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch dependabot/github_actions/actions/cache-6.1.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[k-taro56]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.